

Network Layout

Entity | Interface | IP
Computer A (Wi-Fi) | wlp2s0 | 192.168.1.90/24
Computer A (Ethernet) | eno1 | 192.168.2.90/24
Computer B (Ethernet) | eth0 in B's netplan below (the NIC name must match what B actually has) | 192.168.2.91/24
Virtual IP address for B on A (second address on A's wlp2s0; all traffic to it is DNATed to B) | wlp2s0 | 192.168.1.89/24
Computer C (any other host on the Wi-Fi LAN) | - | 192.168.1.XXX

The addresses above are the ones used in the configuration files that follow (A .90/.89, B .91), so all three files must agree if you change any of them.

Computer A

netplan

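# Computer A: sits between the Wi-Fi LAN (192.168.1.0/24) and the wired link
# to Computer B (192.168.2.0/24). wlp2s0 carries two addresses: .90 is A's
# own, .89 is the "virtual" address that the nftables ruleset DNATs to B.
network:
    version: 2
    renderer: networkd
    ethernets:
      eno1:
        addresses:
          - 192.168.2.90/24   # B's default gateway
    wifis:
      wlp2s0:
        dhcp4: false
        addresses:
          - 192.168.1.90/24   # A itself
          - 192.168.1.89/24   # virtual IP for B; everything sent here is DNATed to 192.168.2.91
        nameservers:
          addresses:
          - 1.1.1.1
          - 8.8.8.8
          - 8.8.4.4
        optional: true
        routes:
        - to: default
          via: 192.168.1.1
        access-points:
          "theodore_buttonwillow":
             # PSK redacted: never publish or commit the real passphrase.
             # Keep the netplan file readable by root only (chmod 0600) and
             # fill the value in locally.
             password: "<wifi-psk>"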

/etc/nftables.conf

The stock file as shipped looks like this (three empty base chains, each falling back to nft's default `accept` policy, so nothing is filtered):

#!/usr/sbin/nft -f

flush ruleset

# Stock ruleset: three empty base chains with no explicit policy, so each
# falls back to nft's default of accept. Nothing is filtered or forwarded
# here; the file only defines the empty table.
table inet filter {
 chain input {
  type filter hook input priority filter;
 }
 chain forward {
  type filter hook forward priority filter;
 }
 chain output {
  type filter hook output priority filter;
 }

}

Replace the file's contents with the following ruleset. Note that `flush ruleset` on its second line discards every table already loaded — including the stock input and output chains shown above — so after loading it A's own services are not filtered at all and this file is the host's complete firewall policy.

#!/usr/sbin/nft -f
# flush ruleset removes every existing table (including the stock inet filter
# input/output chains), so the tables below are the entire policy on this host.
flush ruleset

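table ip nat {

  # ---------- DNAT (incoming traffic to B) ----------
  # Packets arriving for the virtual address 192.168.1.89 are rewritten to
  # Computer B before routing. The rule matches every protocol and port, so
  # all of B's services become reachable from the Wi-Fi side (presumably
  # intended for ROS 2/DDS, whose ports are dynamic — confirm). Add a port
  # match (e.g. "tcp dport 22") if only specific services should be exposed.
  # Because .89 is also a local address on A, nothing A itself listens on at
  # .89 is reachable once this rule is active.
  chain prerouting {
    type nat hook prerouting priority -100;

    # Debug aid only — keep disabled in normal operation: it traces every
    # packet to .89 (cost on every packet, output visible to anyone able to
    # run "nft monitor trace"). Uncomment while troubleshooting, then
    # reload without it.
    # ip daddr 192.168.1.89 meta nftrace set 1

    # 192.168.1.89 → forward to Computer B (192.168.2.91)
    ip daddr 192.168.1.89 dnat to 192.168.2.91
  }

  # ---------- SNAT (return traffic from B) ----------
  # This rewrites every packet B sends through A — B's default route points
  # at A — not only replies, so B's own outbound connections also appear to
  # come from 192.168.1.89 on the Wi-Fi LAN.
  chain postrouting {
    type nat hook postrouting priority 100;

    # Ensure replies from B appear to come from 192.168.1.89
    ip saddr 192.168.2.91 snat to 192.168.1.89
  }
}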


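table inet filter {

  # Forward chain with an explicit drop policy. Without it nft's default is
  # accept, and with net.ipv4.ip_forward=1 Computer A would relay any traffic
  # between wlp2s0 and eno1 — the accept rules below would then change
  # nothing. With policy drop only the three flows listed here are relayed;
  # since the matches are IPv4-only, forwarded IPv6 is dropped as well.
  #
  # There is deliberately no input/output chain here: "flush ruleset" above
  # removed the stock ones, so traffic to A itself is unfiltered. Add them if
  # A's own services need protecting.
  chain forward {
    type filter hook forward priority 0; policy drop;

    # Discard packets conntrack cannot classify before anything else
    ct state invalid drop

    # Allow established traffic: replies to DNATed connections to B, and
    # replies to B's own outbound connections
    ct state established,related accept

    # Allow traffic to B. DNAT has already run (nat prerouting, priority
    # -100), so the destination seen here is B's real address, i.e. this is
    # everything that was sent to the virtual address 192.168.1.89.
    ip daddr 192.168.2.91 accept

    # Allow B's own outbound traffic (its default route goes via A)
    ip saddr 192.168.2.91 accept
  }
}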

sysctl.conf

# Enable IPv4 forwarding so A routes between wlp2s0 and eno1. Once this is
# on, every packet A is asked to relay passes through the nftables forward
# chain, which is then the only thing deciding what gets forwarded.
# Apply without a reboot: sysctl -p
net.ipv4.ip_forward=1

Computer B

Netplan

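# Computer B: wired only, reached from the Wi-Fi LAN through Computer A's
# NAT rules. All of B's outbound traffic is sent to A (192.168.2.90), which
# rewrites its source to the virtual address 192.168.1.89.
network:
  version: 2
  renderer: networkd
  ethernets:
    # NOTE(review): the layout table calls B's interface eno1; use the name
    # "ip link" reports on B, otherwise this stanza matches no device.
    eth0:
      addresses:
        - 192.168.2.91/24
      routes:
      - to: default        # i.e. 0.0.0.0/0 — a bare "0.0.0.0" is not a valid target
        via: 192.168.2.90  # Computer A's eno1 address
        metric: 100
      nameservers:
        addresses:
        - 1.1.1.1
        - 8.8.8.8
        - 8.8.4.4
  # Optional direct Wi-Fi uplink, currently disabled. At metric 200 it would
  # only be used if the wired default route (metric 100) went away.
  # PSK redacted: never publish or commit the real passphrase, even in a
  # commented-out block.
#  wifis:
#    wlan0:
#      optional: true
#      dhcp4: false
#      addresses:
#        - 192.168.1.91/24
#      nameservers:
#        addresses:
#        - 1.1.1.1
#        - 8.8.8.8
#        - 8.8.4.4
#      routes:
#      - to: 0.0.0.0/0
#        via: 192.168.1.1
#        metric: 200
#      access-points:
#        "theodore_buttonwillow":
#           password: "<wifi-psk>"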
